Published 27 Mar 2026
Duration: 2397
Modern software development must prioritize container security, updated practices for base images, minimized attack surfaces, SBOMs for dependency tracking, and defense-in-depth strategies to combat supply chain risks and outdated components.
This interview was recorded for GOTO State of the Art in November 2025. https://gotopia.tech Read the full transcription of this interview here: https...
The podcast discusses critical issues in modern software development, emphasizing container security and the challenges of maintaining up-to-date systems. It explores how containers, while revolutionizing workflows, require new practices to address vulnerabilities in base images, outdated dependencies, and operational complexities in enterprise environments. Key concerns include the limitations of traditional vulnerability scanners, the low signal-to-noise ratio of CVEs (Common Vulnerabilities and Exposures), and the benefits of minimizing image sizes to reduce attack surfaces. The conversation highlights initiatives like DistroList and Chain Guards approach to creating secure, minimalist container images (e.g., Wolfy, a custom OS) that avoid unnecessary dependencies and prioritize source-based builds to mitigate risks from tampered binaries or compromised supply chains.
The discussion also delves into broader security strategies, such as the importance of Software Bills of Materials (SBOMs) for tracking components and dependencies, the role of attestations in verifying software provenance, and the need for layered defense mechanisms (e.g., immutability, container runtime restrictions, and credential management). Real-world examples, like the XZ Utils attack, underscore the risks of open-source supply chain vulnerabilities and the limitations of relying on single security measures. The podcast advocates for proactive replacement of containers over incremental updates, integration of security data feeds, and education on tools like Chain Guards solutions to improve transparency, consistency, and security in software development and deployment.
15 May 2026 Tech Truth: Teaching Kids to Code with Sonic Pi Sam Aaron & James Lewis
A blend of personal programming and music journeys, technical challenges in concurrency and tool development, Sonic Pi's educational impact, and reflections on AI's role versus human creativity in art and code.
12 May 2026 Toad: Your AI Coding Agent Deserves a Better User Interface Will McGugan & Olimpiu Pop
Explores modernizing terminal-based development with open-source tools like *Rich* and *Textual*, introduces *Toad* for polished AI-powered terminal interfaces, and addresses challenges in blending AI with traditional commands, token costs, context management, and external agent integration.
8 May 2026 Java Cookbook Ian Darwin & Jeanne Boyarsky
Java's evolution through features like Records and Switch Expressions, career transitions from Fortran, integration with R for data analysis, AI's role in coding, structured learning resources, open-source contributions, and concerns about AI's impact on education and intellectual property are explored.
A deep dive into microservices challenges, server-driven contract testing via Spring Cloud Contract, AI-driven contract generation with human oversight, observability strategies, and balancing automation with foundational knowledge and community feedback to avoid tooling pitfalls.
1 May 2026 Learning API Styles Lukasz Dynowski & Sam Newman
This exploration of API design delves into networking fundamentals, communication paradigms, protocol mechanics, trade-offs in security and performance, data formats, microservices communication patterns, emerging technologies like Web Transport and gRPC, and the critical role of secure, documented, and reproducible frameworks aligned with architectural and use-case demands.